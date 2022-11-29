The data leak of more than 530 million users suffered by the social network Facebook between 2018 and 2019, taking advantage of a security breach that was closed in the summer of 2019, and from which even Mark Zuckerberg’s telephone number was Affected, he continues to talk about.

And it is that as a result of the Insider publication in April 2021, at which time he announced the existence of leaked data in a hacking forum obtained through the (later closed) security breach, affecting both full names , locations, telephone numbers or date of birth, among others, the European regulatory body on data protection chose to carry out an investigation.

From Facebook, when the news broke, they have tried to defend themselves by removing iron from the matter, arguing that it was old data and that it had been extracted from Facebook profiles by the attackers.

At that time, those interested were able to verify that, despite the age of the data, in many cases, they were still valid, to the astonishment of more than one.

Europe gets serious about GDPR compliance

And now, for this same fact, and after the investigations carried out, the Irish Data Protection Commission (DPC) imposes a fine of 265 million euros on Meta, the parent company of Facebook, the third fine that the European regulatory body imposes on Meta so far in 2022.

According to the Irish Data Protection Commission:

The scope of the investigation concerned an examination and assessment of Facebook search tools, Facebook Messenger contact importer and Instagram contact importer in connection with processing carried out by Meta Platforms Ireland Limited (‘MPIL’) during the period from May 25, 2018 to September 2019

For the agency, Meta had infringed articles 25 (1) and 25 (2) of the GDPR, which focus on data protection by design and by default. But in addition to the sanction, it is also imposing a series of corrective measures, pointing out the following in this regard:

The decision imposed a reprimand and an order requiring MPIL to [Meta Platforms Ireland Limited] comply with your processing by taking a series of specific corrective actions within a specified timeframe

Meta now has three months to comply with the corrective measures, which TC learned, which will be based on:

appropriate technical and organizational measures with respect to the Relevant Features with respect to any ongoing processing of personal data, to ensure that, by default, only personal data that is necessary for each specific processing purpose is processed, and that by default personal data are not accessible without the intervention of the individual to an indefinite number of natural persons